CVE-2014-8154

Published: Jan 27, 2015Modified: May 6, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overflow.

Affected (3)

Products: Gnome: Vala · Opensuse: Opensuse

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Gnome Vala	Version 0.26.0
Gnome Vala	Version 0.26.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 13.2

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (6)

http://lists.opensuse.org/opensuse-updates/2015-01/msg00069.html

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1177840

Source: secalert@redhat.com

Patch

https://bugzilla.redhat.com/show_bug.cgi?id=1181404

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2015-01/msg00069.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=1177840

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://bugzilla.redhat.com/show_bug.cgi?id=1181404

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.